A system and method for performing an on-line check of a file system modifies various function calls within a file system layer of a storage operating system so that each time the particular inode is retrieved using the modified function calls, a check is performed on the inode and associated buffer...http://www.google.es/patents/US7734597?utm_source=gb-gplus-sharePatente US7734597 - System and method performing an on-line check of a file system

System and method performing an on-line check of a file systemUS 7734597 B2

Resumen

A system and method for performing an on-line check of a file system modifies various function calls within a file system layer of a storage operating system so that each time the particular inode is retrieved using the modified function calls, a check is performed on the inode and associated buffer trees before returning the requested inode to the calling process.

Imágenes(11)

Reclamaciones(25)

1. A method for operating a storage system on a server, comprising:

initiating, at the server comprising a processor and a memory, a file system checking process with respect to a portion of a file system;

accepting data access requests at the server during the file system checking process, wherein the data access requests are read or write requests;

suspending, by the server, return of data access request results until the file system checking process has been performed with respect to the portion of the file system being checked, whereby the file system remains available for use during the file system checking process;

determining the portion of the file system to be checked based on file system structures identified by the data access requests, wherein the portion of the file system to be checked is a directory or a file;

determining whether the identified requested file system structure is a file inode or a directory inode;

in response to determining the identified requested file system structure is the file inode, determining that a number of buffer trees in the file system associated with the file inode have valid pointers;

in response to determining the identified requested file system structure is the directory inode, determining that a directory tree can be traversed from the directory associated with the directory inode upwards to a root directory; and

in response to completing the file system checking process, returning the data access requests results.

2. The method of claim 1, wherein the files system remains available for use comprises the file system being available to receive read and write requests.

3. The method of claim 1, further comprising:

performing the file system checking process in response to a file system check command.

4. The method of claim 3, further comprising:

flushing, in response to the file system check command, a memory cache to a plurality of storage devices in the storage system in which the file system is stored.

5. The method of claim 1, further comprising:

performing the file system checking process with respect to at least file system structures identified by the data access request to detect a problem with the file system before the storage operating system returns the data access request results.

6. The method of claim 5, further comprising:

repairing the detected problem before the storage operating system returns the data access request results.

7. The method of claim 1, further comprising:

performing the file system checking process automatically upon occurrence of a selected event or condition.

8. The method of claim 1, further comprising:

performing the file system checking process to check selected file system structures as a background process without identification by data access requests.

9. The method of claim 8, further comprising:

checking file system structures sequentially as the background process to ensure that the file system structures are checked.

10. The method of claim 1, further comprising:

running the storage system in “modified” operation during the file system checking process.

11. The method of claim 1, further comprising:

performing the file system checking process as an online checking process.

program instructions that initiate, at a server comprising a processor and a memory, a file system checking process with respect to a portion of a file system;

program instructions that accept data access requests at the server during the file system checking process, wherein the data access requests are read or write requests;

program instructions that suspend, by the server, return of data access request results until the file system checking process has been performed with respect to the portion of the file system being checked, whereby the file system remains available for use during the file system checking process;

program instructions that determine the portion of the file system to be checked based on file system structures identified by the data access requests, wherein the portion of the file system to be checked is a directory of a file;

program instructions that determine whether the identified requested file system structure is a file mode or a directory inode;

program instructions that determine that a number of buffer trees in the file system associated with the file mode have valid pointers in response to the identified requested file system structure being the file inode;

program instructions that determine that a directory tree can be traversed from the directory associated with the directory mode upwards to a root directory in response to the identified requested file system structure being the directory inode; and

program instructions that return the data access request results in response to completing the file system checking process.

13. A storage system comprising:

a file system; and

a network adapter configured to receive data access requests during a file system checking process, wherein the data access requests are received by the network adapter while the file system is undergoing the file system checking process and the data access requests are read or write requests;

a processor configured to,

initiate the file system checking process with respect to a portion of the file system,

suspend return of data access request results until the file system checking process has been performed with respect to the portion of the file system being checked, whereby the file system checking process is performed such that the file system remains available for use by other clients during the file system checking process,

determine whether the identified requested file system structure is a file inode or a directory inode;

in response the identified requested file system structure being the file inode, determine that a number of buffer trees in the file system associated with the file mode have valid pointers,

in response to the identified requested file system structure being the directory inode, determine that a directory tree can be traversed from the directory associated with the directory mode upwards to a root directory; and

return the data access request results in response to completing the file system checking process to the client.

14. The storage system of claim 13,

wherein the file system remains available for use comprises the file system being available to receive read and write requests.

15. The storage system of claim 13, further comprising: a “lost and found” directory, the processor to link the associated directory to the “lost and found” directory for processing, in the event the directory tree can not be traversed during the file system checking process.

16. The storage system of claim 13, wherein the file system checking process is in response to a file system check command.

17. The storage system of claim 16, further comprising:

a memory cache; and

a plurality of storage devices storing the file system, the processor to flush, in response to the file system check command, the memory cache to the plurality of storage devices.

18. The storage system of claim 13, further comprising: the processor to,

perform the file system checking process with respect to at least the file system structures identified by the data access request to detect a problem with the file system before the storage operating system returns the data access request results.

19. The storage system of claim 18, wherein the detected problem is repaired before the storage operating system returns the data access request results.

20. The storage system of claim 13, wherein file system checking process is performed automatically upon occurrence of a selected event or condition.

21. The storage system of claim 13, further comprising: a background process to perform the file system checking process to check selected file system structures without identification by data access requests.

22. The storage system of claim 21, wherein the background process checks file system structures sequentially to ensure that the file system structures are checked.

23. The storage system of claim 13, wherein the storage system is in “modified” operation during the file system checking process.

24. The storage system of claim 13, wherein the file system checking process is an online checking process.

25. The computer storage readable medium of claim 11, wherein the file system remains available for use comprises the file system being available to receive read and write requests.

Descripción

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a divisional of commonly assigned U.S. patent application Ser. No. 10/105,022, which was filed on Mar. 22, 2002 now U.S. Pat. No. 6,895,413, by John K. Edwards, entitled, “SYSTEM AND METHOD FOR PERFORMING AN ON-LINE CHECK OF A FILE SYSTEM,” the contents of which are hereby incorporated by reference.

FIELD OF THE INVENTION

The present invention relates to file systems and, more particularly to verification of file systems.

BACKGROUND OF THE INVENTION

A file server is a computer that provides file service relating to the organization of information on storage devices, such as disks. The file server or filer includes a storage operating system that implements a file system to logically organize the information as a hierarchical structure of directories and files on the disks. Each “on-disk” file may be implemented as a set of disk blocks configured to store information, such as text, whereas the directory may be implemented as a specially-formatted file in which information about other files and directories are stored. A filer may be configured to operate according to a client/server model of information delivery to thereby allow many clients to access files stored on a server, e.g., the filer. In this model, the client may comprise an application, such as a file system protocol, executing on a computer that “connects” to the filer over a computer network, such as a point-to-point link, shared local area network (LAN), wide area network (WAN), or virtual private network (VPN) implemented over a public network such as the Internet. Each client may request the services of the filer by issuing file system protocol messages (in the form of packets) to the filer over the network.

A common type of file system is a “write in-place” file system, an example of which is the conventional Berkeley fast file system. By “file system” it is meant generally a structuring of data and metadata on a storage device, such as disks, which permits reading/writing of data on those disks. In a write in-place file system, the locations of the data structures, such as inodes and data blocks, on disk are typically fixed. An inode is a data structure used to store information, such as metadata, about a file, whereas the data blocks are structures used to store the actual data for the file. The information contained in an inode may include, e.g., ownership of the file, access permission for the file, size of the file, file type and references to locations on disk of the data blocks for the file. The references to the locations of the file data are provided by pointers, which may further reference indirect blocks that, in turn, reference the data blocks, depending upon the quantity of data in the file. Changes to the inodes and data blocks are made “in-place” in accordance with the write in-place file system. If an update to a file extends the quantity of data for the file, an additional data block is allocated and the appropriate inode is updated to reference that data block.

Another type of file system is a write-anywhere file system that does not overwrite data on disks. If a data block on disk is retrieved (read) from disk into memory and “dirtied” with new data, the data block is stored (written) to a new location on disk to thereby optimize write performance. A write-anywhere file system may initially assume an optimal layout such that the data is substantially contiguously arranged on disks. The is optimal disk layout results in efficient access operations, particularly for sequential read operations, directed to the disks. A particular example of a write-anywhere file system that is configured to operate on a filer is the Write Anywhere File Layout (WAFL™) file system available from Network Appliance, Inc. of Sunnyvale, Calif. The WAFL file system is implemented within a microkernel as part of the overall protocol stack of the filer and associated disk storage. This microkernel is supplied as part of Network Appliance's Data ONTAP™ software, residing on the filer, that processes file-service requests from network-attached clients.

As used herein, the term “storage operating system” generally refers to the computer-executable code operable on a computer that manages data access and may, in the case of a filer, implement file system semantics, such as the Data ONTAP™ storage operating system, implemented as a microkernel, and available from Network Appliance, Inc. of Sunnyvale, Calif., which implements a Write Anywhere File Layout (WAFL™) file system. The storage operating system can also be implemented as an application program operating over a general-purpose operating system, such as UNIX® or Windows NT®, or as a general-purpose operating system with configurable functionality, which is configured for storage applications as described herein.

Disk storage is typically implemented as one or more storage “volumes” that comprise physical storage disks, defining an overall logical arrangement of storage space. Currently available filer implementations can serve a large number of discrete volumes (150 or more, for example). Each volume is associated with its own file system and, for purposes hereof, volume and file system shall generally be used synonymously. The disks within a volume are typically organized as one or more groups of Redundant Array of Independent (or Inexpensive) Disks (RAID). RAID implementations enhance the reliability/integrity of data storage through the redundant writing of data “stripes” across a given number of physical disks in the RAID group, and the appropriate caching of parity information with respect to the striped data. As described herein, a volume typically comprises at least one data disk and one associated parity disk (or possibly data/parity) partitions in a single disk) arranged according to a RAID 4, or equivalent high-reliability, implementation.

Known storage operating systems typically contain a program to check and repair an associated file system. Examples of such file system checking programs include the UNIX-based fsck program and the checkdisk command on Microsoft Windows®-based systems. These known file system checking programs typically execute while the file system being verified is offline. By “offline” it is meant that the file system is not available for data access by users of the file system.

An example of a known file system verification program is the WAFL Check program available from Network Appliance, Inc. of Sunnyvale, Calif. The WAFL Check program executes on file servers running Network Appliance's Data ONTAP storage operating system and checks and repairs file systems using the WAFL file system.

The WAFL Check program operates in two phases: an mode phase and a directory phase. In the mode phase, the file system verification program looks at each buffer tree associated with an inode. A “buffer free” is a linked list of indirect and direct inode blocks which, in turn, point to file data blocks on the disks that comprise the file system. The WAFL Check program moves down each buffer tree and verifies that all pointers are valid and that no cross links occur. By “cross link” it is meant that an inode or file data block has multiple pointers to it.

In the directory phase, the WAFL Check program verifies the directory structure stored within the file system. In the example of the WAFL Check program, the checking process first goes through all of the file inodes of the file system and then through all of the directories of the file system. After making these two passes through the file system, and correcting any noted errors in the file system, the checking program completes.

In known examples, file system verification programs are executed when a user believes that there is a problem with the file system. For example, a crash or other file system failure may have occurred. A noted disadvantage of known file system checking programs is the substantial amount of time required to perform the file system check. As the file system is off-line and unavailable for data access by users, this checking time results in a prolonged period in which the data stored in a file system is unavailable to users.

SUMMARY OF THE INVENTION

This invention overcomes the disadvantages of the prior art by providing a system and method for performing on-line checking a file system in which inodes and directories comprising the file system are checked when first accessed. In the illustrative embodiment, the function calls in a storage operating system that load inodes (LoadInode( )) and buffer trees (LoadBuffer( )) are modified so that before an inode or buffer tree is returned to the process that called the loading function, a check is performed of the inode and related buffer trees. This checking procedure also repairs predetermined problems with file system coherency and consistency to ensure that the file system is stable and usable.

When a process executing within the storage operating system calls either LoadInode( ) or LoadBuffer( ), the modified function suspends the return of the requested object until a check is performed. The checking procedure then loads the requested inode or buffer tree and determines if it associated with a regular file or a directory. If the requested inode is a regular file inode, then the checking procedure checks the associated buffer trees of the inode. This procedure ensures that all buffer trees have valid pointers, that any given block does not have multiple points to it, and other file system coherency checks. The checking procedure corrects any noted errors in the file system. If the selected inode is a directory inode, then the checking procedure performs a directory check of the selected inode. The directory checking procedure traverses the directory tree from the selected directory upwards to the root directory. Certain special cases of directories are not linked to the root directory. If a directory is not a special case and does not link to the root directory, then the directory is linked to a lost and found directory for later processing.

In the illustrative embodiment, a background process is created that sequentially loads inodes. This background process ensures that all inodes of the file system will be checked, even if another process or application does not request a particular inode.

BRIEF DESCRIPTION OF THE DRAWINGS

The above and further advantages of the invention may be better understood by referring to the following description in conjunction with the accompanying drawings in which like reference numerals indicate identically or functionally similar elements, of which:

FIG. 1 is a schematic block diagram of an exemplary file system data structure including buffer trees;

FIG. 2 is a schematic block diagram of an exemplary network environment including a file server;

FIG. 3 is a schematic block diagram of an exemplary file server of FIG. 2;

FIG. 4 is a schematic block diagram of an exemplary storage operating system for use with the file server of FIG. 3;

FIG. 5 is a flow chart detailing the procedure performed in initiating the checking of a file system;

FIG. 6 is a flow chart of the steps of a procedure for mounting a volume in accordance with an embodiment of this invention;

FIG. 7 is a flow chart detailing the steps of procedure of performing on-line checking in accordance with an embodiment of this invention;

FIG. 8 is a flow chart detailing the steps of a procedure to perform on-line checking of an inode in accordance with an embodiment of this invention;

FIG. 9 is a flow chart detailing the steps of a procedure to perform on-line checking of a directory in accordance with an embodiment of this invention; and

FIG. 10 is a flow chart of the steps performed by procedure in insuring that all inodes of a file system are checked.

DETAILED DESCRIPTION OF AN ILLUSTRATIVE EMBODIMENT

A. Network Environment

FIG. 2 is a schematic block diagram of an exemplary network environment 200 in which the principles of the present invention are implemented. The environment 200 is based around a network cloud 205. This network cloud can be a local or network (LAN), a wide area network (WAN), virtual private network (VPN) utilizing communication links over the internet, for example, or a combination of LAN, WAN and VPN implementations can be established. For the purposes of this description, the term network cloud should taken broadly to include any acceptable network architecture. The network cloud 205 interconnects various clients 210. Also attached to the network cloud is a file server 300. This file server, described further below, is configured to control storage of, and access to, data and a set 220 of interconnected storage volumes 215. Each of the devices attached to the network cloud include an appropriate conventional network interface arrangement (not shown) for communicating over the network cloud using desired communication protocols such as the well-known Transport Control Protocol/Internet Protocol (TCP/IP), User Datagram Protocol (UDP), Hyper Text Transport Protocol (HTTP), Simple Network Management Protocol (SNMP), or Virtual Interface Connections (VI).

B. File Servers

FIG. 3 is a more-detailed schematic block diagram of an exemplary file server 300. By way of background, a file server or filer, is a computer that provides file service relating to the organization of information on storage devices, such as disks. However, it will be understood by those skilled in the art that the inventive concepts described here any may apply to any type of file server, wherever implemented as a special-purpose or general-purpose computer, including a standalone computer.

The file server 300 comprises a processor 305, a memory 310, a network adapter 315, a nonvolatile random access memory (NVRAM) 320 and a storage adapter 325 interconnected by system bus 330. Contained within the memory 310 is a storage operating system 400 that implements a file system to logically organize the information as a hierarchical structure of directories and files on the disks. In the illustrative embodiment, the memory 310 comprises storage locations that are addressable by the processor and adapters for storing software program code. The operating system 400, portions of which are typically resident in memory and executed by the processing elements, functionally organizes the filer by inter alia, invoking storage operations in support of a file service implemented by the file server.

The network adapter 315 comprises a mechanical, electrical and signaling circuitry needed to connect the file server 300 to client 210 over network cloud 205. The client 210 maybe a general-purpose computer configured to execute applications, such as data base applications. Moreover, the client 210 may interact with the filer server 500 in accordance with the client/server model of information delivery. That is, the client may request the services of the file server, and the file server may return the results of the services requested by the client, by exchanging packets defined by an appropriate networking protocol.

The storage adapter 325 cooperates with the storage operating system 400 executing on the file server to access information requested by the client. Information maybe stored on the volumes 215 (FIG. 2) that is attached via the storage adapter 325 to the file server. The storage adapter 325 includes input/output (I/O) interface circuitry that couples to the disks over in I/O interconnect arrangement, such as a Fibre Channel serial link topology. The information is retrieved by the storage adapter and, if necessary, processed by the processor 305 (or the adapter 325 itself) prior to being forwarded over the system bus 330 to the network adapter 315, where information is formatted into appropriate packets and returned to the client 210.

In one exemplary file server implementation, the file server can include a nonvolatile random access memory (NVRAM) 320 that provides fault-tolerant backup of data, enabling the integrity of filer server transactions to survive a service interruption based upon a power failure, or other fault.

C. Storage Operating System

To facilitate the generalized access to the volumes 215, the storage operating system 400 implements a write-anywhere file system that logically organizes the information as a hierarchical structure of directories and files on the disks. Each “on-disk” file may be implemented as a set of disks blocks configured to store information, such as data, where as the directory may be implemented as a specially formatted file which other files and directories are stored. As noted above, in the illustrative embodiment described herein, the operating system is the NetApp® Data ONTAP™ operating system available from Network Appliance, Inc., that implements the write-anywhere file layout (WAFLTN™) file system. It is expressly contemplated that any appropriate file system can be used, and as such, where the term WAFL or file system is employed, it should be taken broadly to refer to any file system that is otherwise adaptable to the teachings of this invention.

The storage operating system comprises a series of software layers, including a media access layer 405 of network drivers (e.g., an Ethernet driver). The storage operating system 400 further includes network protocol layers, such as the Transport Control Protocol (TCP) layer 415 and the User Datagram Protocol (UDP) layer 420 and a supporting Internet Protocol (IP) layer 410.

A file system protocol layer provides multi-protocol data access and, to that end, includes support for the Network File System (NFS) protocol 435, the Common Internet File System (CIFS) protocol 430 and the Hyper Text Transfer Protocol (HTTP) 425. In addition, the storage operating system 400 includes a disk storage layer 440 that implements a disk storage protocol, such as a RAID protocol, and a disk driver layer 445 that implements a disk access protocol such as, e.g., a Small Computer System Interface (SCSI) protocol.

Bridging the disk software layers with the network and file system protocol layers is a file system layer 450 of the storage operating system 400. Generally the file system layer 450 implements a file system having an on-disk format representation that is blockbased using, e.g., 4-kilobyte (KB) data blocks and using inodes to describe the files. In response to transaction requests, the file system generates operations to load (retrieve) the requested data from volumes 215 if it is not resident “in-core,” i.e., in the filer's memory 310. If the information is not in memory, the file system layer 450 indexes into the inode file using the inode number to access an appropriate entry and retrieve a logical volume block number. The file system layer 450 then passes the logical volume block number to the disk storage (RAID) layer, which maps that logical number to a disk block number and sends the latter to an appropriate driver (for example, an encapsulation of SCSI implemented on a fibre channel disk interconnection) of the disk driver layer. The disk driver accesses the disk block number from volumes 215 and loads the requested data in memory 310 for processing by the filer 300. Upon completion of the request, the filer (and storage operating system) returns a reply, e.g., a conventional acknowledgement packet defined by the CIFS specification, to the client 210 over the network 205.

It should be noted that the storage access request data path 460 through storage operating system layers described above needed to perform data storage access for the client requests received the file server may alternately be implemented in hardware, software or a combination of hardware and software. That is, in an alternative embodiment of this invention, the storage access request data path 460 may be implemented as logic circuitry embodied within a field programmable gate array (FPGA) or in an application specific integrated circuit (ASIC). This type of hardware implementation increases the performance of the file service provided by the file server 300 in response to a file system request issued by a client.

D. File System Checking

The file system checking processes 455 within the file system layer 450 of the storage operating system permits on-line file system checking. The initialization procedure 500 of the illustrative on-line file system checking process is shown in FIG. 5. In step 505, the user enters a file system check command. This command can be entered to the file server via a command line interface (CLI) or via a graphical user interface (GUI) or via any other input methodology. In alternate embodiments, the storage operating system can be configured so that the file system check will automatically initiate upon a set event, for example, a crash or other error condition. Upon an entry of the check command, the file system layer suspends client messages in step 510. This suspension of client messages means that a file system layer will accept file system commands, including, for example, data write and/or read commands. However, while the client messages are suspended, the file system will not act upon the file system command. To the process or client initiating the file system command, it appears that there is a delay in the execution of a file system command. Next, in step 515, the volume to be checked is unmounted. In the illustrative embodiment of the Data ONTAP storage operating system, the unmounting of a volume causes any in-core caches to be flushed to the volume. This results in the physical disks comprising the volume to be in a consistent state. And next, in step 520, the checking routines are initialized. In the illustrative embodiment, the file system layer includes a command that retrieves an inode for further processing. To perform the on-line checking, the checking processes modifies this LoadInode( ) command to include a check of the file system structure, e.g., inode or directory, being accessed. The checking routines first perform the check of the inode to be retrieved before returning the inode to the process that called LoadInode( ). Next, the volume is remounted as described in procedure 600. Once the volume is remounted, the file system layer resumes client messages in step 525. After the resumption of client messages, client messages which have either been suspended or which are later received by the file system layer will be processed using the modified LoadInode( ) function. Thus, any request for an inode will first check that inode and associated buffer trees before returning the inode to the calling process.

The procedure 600 performed by the file system layer in mounting a volume is shown in FIG. 6. The file system information block is first loaded in step 605. The file system information block, as described above, contains numerous metadata relating to the file system. Next, in step 610, an inode file is selected. Typically, the inode file associated with the file system information block would be selected. However, in certain configurations, alternate inode files would be loaded. Then, in step 615, the active map is loaded. The active map is a data structure that is utilized by the file system to track which blocks are used by the active file system. It should be noted that during this and other subsequent load operations, the modified LoadInode( ) command is utilized. Thus, during the mounting of the volume by the file system, the various inodes and directories associated with the file system files, is verified. Next, in step 620, the summary map is loaded. The summary map stores metadata associated with determining which blocks are used by any snapshots stored by the file system. “Snapshot” is a trademark of Network Appliance, Inc. It is used for purposes of this patent to designate a persistent consistency point (CP) image. A persistent consistency point image (PCPI) is a point-in-time representation of the storage system, and more particularly, of the active file system, stored on a storage device (e.g., on disk) or in other persistent memory and having a name or other identifier that distinguishes it from other PCPIs taken at other points in time. A PCPI can also include other information (metadata) about the active file system at the particular point in time for which the image is taken, including, for example, a current copy of the file system information block 105, as described above. The terms “PCPI” and “snapshot” shall be used interchangeably through out this patent without derogation of Network Appliance's trademark rights.

In step 625, the space map is loaded. The space map is a map of the various blocks of the file system noting which are utilized by the active file system and which are free to be allocated. Next, in step 630, the block type map is loaded. The block type map identifies what a block is used for. For example, a block could be utilized as a data holding block, or as a directory block. Next, the snapshot inodes are loaded in step 635. After the loading of the snapshot inodes the snap maps are loaded in step 640. In step 645, the quota trees are loaded. A quota tree (or qtree) is a subset of a volume that is defined by a directory. In the context of quotas, the maximum amount of storage resources available to a qtree can be specified. Thus, if it is desired to limit storage for a project having many users, it would be appropriate to specify a quota on a qtree instead of an actual security object. Multiple qtrees can be created on a single volume, with each qtree having a different size (as desired). However, the qtree can also be created without a limit (quota). A qtree is essentially a mini-volume with the property that every object within the qtree has a qtree ID in its inode. This information is scanned and identified by the file system. This facilitates identification of the applicable qtree for, e.g., a file on a volume.

As each of these file system metadata files is loaded using the modified LoadInode( ) function, each is checked in accordance with the teachings of this invention. Thus, by the completion of a volume mount operation, all required file system metadata files have been checked. Note that some files, such as the mode file, which contain a large quantity of data may be only selectively checked so as to reduce processing time and overhead.

The procedure 700 performed by the verification processes in performing an on-line check in a file system is shown in FIG. 7. In step 705, a process within the storage operating system calls the LoadInode( ) function. As the LoadInode( ) function has been modified, the traditional LoadInode( ) functionality has been supplemented by the procedure described herein. The inode file block which was requested with the LoadInode( ) command is retrieved (step 710). The inode file block could be in-core if it has been recently utilized, or may be physically located on disk. If the inode file block is on disk, then the file system layer will retrieve the data block from disk by sending the appropriate commands to the RAID and disk driver layers of the storage operating system. Next, in step 715, the return message to the process that called the LoadInode( ) function is suspended. This suspension of the return message lasts for the duration of the check of this particular inode. Thus, to the process calling the LoadInode( ) command, it appears that a request has some latency to it. This enables the on-line checking of the file system with minimal disruption of service. Requests for inodes will be delayed while the inodes are checked, but the file system, as a whole, remains on-line and available for use. By “on-line” it is meant that the file system is accessible by users for read and/or write functions.

In step 720, the file system checking routine determines what type of inode has been requested. If the inode requested is a file inode, then the checking routine performs an inode check as described in procedure 800. However, if the inode requested is a directory inode, then the checking routine will perform a directory check as described in procedure 900.

To check a file inode, the buffer trees associated with the mode are verified in accordance with procedure 800 shown in FIG. 8. This procedure works by traversing the various branches of the buffer tree and verifying certain key items. First, in step 805, the inode check verifies that all pointers in the buffer tree are valid. If a pointer is directed to an invalid block, the pointer is cleared.

Next, in step 810, the inode checking process verifies that no cross-links exist within a buffer tree. If a block has multiple pointers to it, the inode checking routine clears all but the first pointer (step 815). Thus, the first block to point to a given block is retained with any other blocks having their pointers removed.

Finally, the inode is marked as being checked (step 820). This marking can be accomplished by modifying a tracking file, described further below, or by modifying a bit within the inode's metadata.

The procedure 900 performed by the verification process in checking a directory is shown in FIG. 9. The checking process follows the directory tree upwards to the root directory. For example, if the sub directory of the path “/dir1/dir2/sub” were being checked, the checking process would first move to the dir2 directory and then to the dir1 directory before finding the root directory. Traversal of the directory tree can be accomplished by, for example, accessing a special entry in a directory that identifies the directory's parent directory. In one embodiment, this special entry is denoted “.” (dot-dot) within a directory.

After the directory tree has been traversed upwards as far as possible, the process determines if the directory is linked to the root directory of the volume (step 910). If the directory is not linked to the root directory, the process determines if the directory is a special directory that should not be linked to the root directory in step 915. An example of such a special directory would be a metadirectory storing file system metadata. Metadirectories are further described in U.S. Pat. No. 7,386,546, issued on Jun. 10, 2008, entitled METADATA DIRECTORY FILE SYSTEM, by Douglas Santry et al. If the directory is not a special case, then the directory is linked to a lost and found directory (step 920) for later processing. The lost and found directory can be accessed by a user or administrator of the filer to determine what further actions should be taken with respect to these directories.

If the directory does link to the root directory or if the directory is a special case that does not need to link to the root directory, the checking process then loads the file system objects that are one level beneath the directory (step 925). These file system objects would include, for example, subdirectories of the selected directory or files stored in the selected directory.

Next, the checking process performs the above-described buffer tree checks of the buffer trees associated with the directory. In step 930, the process verifies that all pointers within the buffer tree are valid. If there are invalid pointers, i.e. a pointer points to an invalid inode or file data block, the pointer is cleared. Next, in step 935, the process checks that no cross links exist within the buffer tree. If multiple blocks point to a given block, the rules stipulate that all but the first pointer is removed in step 940. Finally, in step 945, the directory is marked has having been checked. This marking can be accomplished by the use of a tracking file, described further below.

To ensure that all inodes of a file system are checked in a timely manner, a background process (not shown) is initiated by the file system checking process. By “background process” it is meant generally a process executing at a low priority within the storage operating system that performs a given function with no user input. The procedure performed by this background process is shown in FIG. 10. A counter (N) is initially set to a value of one (step 1005). The background process then calls the LoadInode( ) function requesting the Nth inode, i.e. LoadInode(N). As the LoadInode( ) function has been modified to incorporate checking, the requested inode will be checked. Next, the counter is increased by one (step 1015). The background process determines if all inodes in the file system have been checked in step 1020. This check can be accomplished by utilizing the file system tracking files, described below. If all inodes have been checked, the process completes (step 1025) and exits. Otherwise, the process loops back to function step 1010. Thus, this background process serially requests inodes using the LoadInode( ) function, which causes the inodes and associated buffer trees to be checked.

In the illustrative embodiment, the file system checking procedure creates a file within the file system being checked. This file stores information relating to which inodes, buffer trees and directories have been checked by the file system process. By storing the status within a file on the active file system, memory is saved. In known examples of file system checking programs, the status information relating to the progress of the file system check is stored in the memory of the computer executing the file system check. When the file system is large and includes a substantial number of modes and directories, the memory requirement to store the progress information may also be large. Thus, by storing the information on files in the file system, computer memory resources can be preserved.

To again summarize, after a user or administrator initiates a file system check, the volume containing the file system to be checked is unmounted. In the illustrative embodiment of a WAFL-based file system, this unmounting of the volume forces any caches to be flushed to disk resulting in a coherent file system on the disk. The LoadInode( ) and load buffer commands, which are components of the file system layer of the storage operating system, are modified to include the novel file system checking routines described herein. Once these commands have been modified, the volume is remounted. This mounting procedure entails the loading of numerous metadata files from the file system by the computer. Each of these loading operations utilize the modified LoadInode( ) and load buffer functions. Thus, the inodes buffer trees comprising the metadata files describing the file system are checked.

As processes and applications executing on the computer call the LoadInode( ) command to retrieve an inode, the modified LoadInode( ) command suspends the return message to the calling process while a check is performed of the requested inode. If the inode is part of a directory, a directory check is performed. The directory tree is traversed upwards to the root directory. If the directory does not link to the root directory, a determination is made if the directory is a special directory that does not need to link to the root. If the directory does not link to the root directory and is not a special case, the directory is linked to lost and found file for later processing. Otherwise, the file system objects, including files and directories, which are one layer down from the selected directory are loaded. By loading them using the modified LoadInode( ) command, a check is performed on each of these file system elements. The buffer trees associated with the directory are then checked to ensure that no cross-links or multiple pointers exist.

If the inode requested by the LoadInode( ) command is a regular file inode, then a regular inode check is performed. This inode check entails verifying all pointers of the buffer trees linked to the inode are valid and that no cross-links exist with the associated buffer trees. If multiple pointers exist to a given block, all but the first pointer are cleared. The inode is then marked as being checked.

In an illustrative embodiment, a background process sequentially loads inodes of the file system to ensure that all inodes will be checked in an expeditious manner, even if no user process or application requests the data therein.

The foregoing has been a detailed description of an illustrative embodiment of the invention. Various modifications and additions can be made without departing from the spirit and scope of the invention. Additionally, while this description has been written in reference to filers and file servers, the principles are equally pertinent to all types of computers, including stand alone computers. Further, it is expressly contemplated that the teachings of this invention can be implemented as software, including a computer-readable medium having program instructions executing on a computer, hardware, firmware, or a combination thereof. Accordingly this description is meant to be taken only by way of example and not to otherwise limit the scope of the invention.